“We have retained independent cyber security and fraud prevention expertise to analyze our processes and systems to assist in our investigation and to ensure we are protected from any future attempts to defraud our organization.”

Terry Curtis, vice-president of corporate relations with EEDC, told Global News the organization was first alerted to suspicious activity by its bank late last year.

“We were notified by our bank in late 2018 that there were irregularities in a transaction and at the beginning of January, we confirmed that there was fraudulent activity and we commenced an investigation,” he said. “I can’t give a lot of information on the phishing scheme itself because there is an ongoing investigation with the authorities as well as some third parties that we’ve invited to do some cyber security investigations for us.”

Curtis said EEDC has hired Deloitte, a professional services firm, to help it with a cyber security audit and to make recommendations on how to better prevent such online scams.

“We’re also working with our auditor of record to dig into the details of this particular transaction as well as transactions reaching back to ensure that this was only a one-time thing,” he said. “We are educating our employees, retraining them on cyber security.

“We are ensuring that no other of our vendors’ records have been altered or modified, to make sure that all of our records are in order.”

Mayor Don Iveson said the city’s internal auditor may look into the matter as well, adding “more eyes on something like this would be better and I suspect it will be part of the conversation at audit committee tomorrow.”

“[It’s] obviously very concerning because those are public dollars in the hands of EEDC to achieve economic development goals,” Iveson said. “This is happening around the world. You know, we’ve seen it happen in Edmonton with other public organizations so EEDC is not unique, but clearly this will need to be investigated and if processes need to change, which clearly they will have to in response to this, council will want a full report on all of that in its shareholder capacity and as funder.”

Watch below: (From April 2018) MacEwan University says it has recovered much of the $11.8 million dollars it was scammed out of in a phishing incident last year. Sarah Kraus has the latest.

According to Curtis, the scam resulted in EEDC paying out a single payment of $375,000. He said he could not divulge what company or entity was being impersonated online by the con artist(s).

Curtis said one of EEDC’s most common financial routines is taking money from other entities and funnelling them elsewhere.

“We disperse them (funds) in one lump sum to another party related to the work that we do either in tourism, in economic development, in the innovation space or for one of the venues that we manage,” he said. “For example, we may collect funds from Travel Alberta, the City of Edmonton, the Government of Canada — all towards one particular project and then we would make one dispersement to the vendor or supplier.

“Every dollar that is under our watch is public funds and we take that responsibility very seriously.”

Curtis said if the funds cannot be recouped, EEDC has “contingencies in place to deal with these types of issues if they arise.”

“We have strict controls in place around how we distribute, disperse, control our funds to prevent just this type of thing,” he said.

According to Curtis, EEDC has added new controls with regard to log-in verifications for employees who need to use EEDC online systems.

“After doing our own internal audit and the audit that we have done every year by a third party, we’re satisfied that this was the only instance of of this occurring,” he said. “We’ve been in touch with vendors and suppliers to verify that the payments that we’ve been making to them have been received.”

Iveson said all organizations are now facing a growing threat of being targeted by cybercriminals, “particularly organizations in charge of larger amounts of money and so this is not something that’s going away.”

On Thursday, EEDC’s CEO issued a statement in which he said the organization values transparency and is “completely open to the timing and scope of the audit at the direction of the city Auditor and council.”

“As an agency funded by the citizens of Edmonton, we know it’s vital that taxpayers have trust and confidence that their money is being used appropriately and effectively,” Derek Hudson said.

“We’re fortunate to be stewards of public funds and we take this responsibility very seriously.

“Work is well underway to understand how our strict processes could let something like a phishing attack happen and we welcome the support of the city auditor to help us fully understand what happened and do everything possible to prevent and control future attacks.”

Hudson said while previous discussions with the auditor seemed to indicate it would be better for shareholders to have an audit in 2020 because of “a number of initiatives that are underway at EEDC,” the agency is still more than willing to begin working with the auditor immediately.

“As an agency of the City of Edmonton, we’re completely open to the auditor looking at our processes, practices and controls,” he said.